Federal Transportation ID Program Lacks Disaster Recovery Plan, Report Says

A power outage at a federal government facility that processes transportation worker identification credentials may cause up to 410,000 of the program’s smart cards to be replaced. The facility lacked IT contingency compliance with federal standards, which could require up to $26 million in government and industry costs to make up for it.

The nation’s ports were required to have individuals who have unescorted access to secure port areas register with the Transportation Worker Identification Credential (TWIC) program by April 15. According to the Transportation Security Administration (TSA), more than 1.1 million people have been enrolled in the program. However, almost half of those workers might need to be issued new credentials after a power outage caused a hardware component failure in a TWIC enrollment and activation system. According to a Government Accountability Office (GAO) report, the TSA lacked a disaster recovery or IT contingency plan for the system — consequently the PINs associated with 410,000 of the program’s smart cards are unable to be updated.

The power outage occurred on Oct. 21, 2008, at a government facility that processes TWIC data in Annapolis Junction, Md. Because of the lack of an IT contingency plan, the TSA is unable to reset the PINs associated with the 410,000 TWIC cards issued before the power failure. Therefore if a transportation worker forgets his or her PIN, the card must be replaced. The report said the TSA doesn’t know the full cost of the problem because it doesn’t know how many of the 410,000 cards will have to be replaced. However, as of Aug. 1, 1,246 people had requested new cards due to the problem. The GAO report estimated that it cost the government $24,920 to issue the new cards to these individuals. The report also said if all the cards must be replaced, it could cost government and industry approximately $26 million.

The report said: “If TSA had planned for a potential TWIC system failure in accordance with federal requirements in contingency planning and internal control standards, it might have averted the system failure that occurred in October 2008. Federal guidance includes having an information technology contingency plan, disaster recovery plan and supporting system(s) in place.”

Paul Libuda, facility security officer of the San Diego Unified Port District, said via e-mail that there currently isn’t a regulatory requirement for Maritime Transportation Security Act regulated facilities to verify the card’s biometric information accessed through the PIN. According to the TSA’s Web site, it’s testing the use of card readers to conduct a one-on-one match of a person’s biometric to the biometric stored on the TWIC card. The cards contain the worker's fingerprint template to allow for a positive link between it and the individual. The TWIC relies on the three security measures:

1. something the person has — the TWIC;
2. something the person knows — the PIN; and
3. something the person is — the fingerprints stored in the TWIC.

Currently security guards at many ports visually inspect the cards upon entry to the terminals. “While we recommend that the card holders go to the local TWIC enrollment center to reset their PIN, the requirement is to visually verify the TWIC card, its security features versus the person presenting it, and the legitimate need of the person to enter the facility,” Libuda said.

Until the card readers are implemented nationwide, workers who have forgotten their PIN won’t be at a disadvantage because many aren’t using it yet. “The PIN reset and need for a TWIC card replacement will become an issue at the point in time that the use of TWIC card readers is required,” Libuda said.

The Maritime Transportation Security Act established the TWIC program. It's administered by the TSA and U.S. Coast Guard in conjunction with the U.S. Department of Homeland Security.

[Photo courtesy of James R. Tourtellotte/ U.S. Customs and Border Protection.]